--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package webkit2gtk
This release contains several fixes cherry picked from the upstream
stable branches. All of them solve either crashes or other important
bugs, and are recommended by the upstream maintainer. At the end there
is also a couple of Debian-specific fixes.
These patches fix crashes:
* debian/patches/fix-jit-crash.patch:
Fix crash in the JIT compiler.
https://bugs.webkit.org/show_bug.cgi?id=137642
* debian/patches/fix-null-renderer.patch:
NULL pointer check in HTMLPlugInImageElement.
https://bugs.webkit.org/show_bug.cgi?id=139057
* debian/patches/fix-integer-overflow.patch:
Fix crash due to integer overflow.
https://bugs.webkit.org/show_bug.cgi?id=139165
* debian/patches/fix-ax-crash.patch:
Fix recursive crash at WebCore::accessibleNameForNode.
https://bugs.webkit.org/show_bug.cgi?id=139616
* debian/patches/fix-clearselection-segfault.patch:
Fix segfault when calling clearSelection on a detached
RenderObject.
https://bugs.webkit.org/show_bug.cgi?id=140275
These are security fixes. The details of the upstream bugs are marked
as private:
* debian/patches/check-tls-errors.patch:
Check TLS errors as soon as they are set in the SoupMessage.
https://bugs.webkit.org/show_bug.cgi?id=142244
* debian/patches/serialized-script-value.patch:
Prevent unsafe access to internal types.
https://bugs.webkit.org/show_bug.cgi?id=138653
* debian/patches/render-block-cast.patch:
Fix invalid cast in WebCore::RenderBlock::blockSelectionGaps.
https://bugs.webkit.org/show_bug.cgi?id=137590
Other important fixes:
* debian/patches/fix-gstreamer-leak.patch:
Fix memory leak in GStreamer code.
https://bugs.webkit.org/show_bug.cgi?id=46560
* debian/patches/remote-inspector.patch:
Regression: make the remote inspector work again.
https://bugs.webkit.org/show_bug.cgi?id=138246
* debian/patches/http-latin1.patch:
Treat HTTP header values as latin1, not UTF-8.
https://bugs.webkit.org/show_bug.cgi?id=128739
* debian/patches/fix-null-string-conversion.patch:
Add NULL check to convertToUTF8String().
https://bugs.webkit.org/show_bug.cgi?id=133904
* debian/patches/fix-timers-animations.patch:
Prevent freeze because of timers never be fired during animations.
https://bugs.webkit.org/show_bug.cgi?id=139062
* debian/patches/fix-date.patch:
Fix erroneous date calculations.
https://bugs.webkit.org/show_bug.cgi?id=130967
Debian-specific fixes:
* debian/patches/fix-ftbfs-hppa.patch:
This fixes a FTBFS in HPPA. It just adds this platform to the
supported list in the CMake configuration files.
https://bugs.debian.org/776281
* debian/libwebkit2gtk-4.0-doc.links:
The documentation does not appear in Devhelp. This just adds a
missing symbolic link.
https://bugs.debian.org/776281
unblock webkit2gtk/2.6.2+dfsg1-4
-- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/changelog webkit2gtk-2.6.2+dfsg1/debian/changelog
--- webkit2gtk-2.6.2+dfsg1/debian/changelog 2014-12-07 18:53:35.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/changelog 2015-03-06 09:33:28.000000000 +0200
@@ -1,3 +1,41 @@
+webkit2gtk (2.6.2+dfsg1-4) unstable; urgency=medium
+
+ * debian/patches/fix-ftbfs-hppa.patch:
+ + Fix FTBFS in HPPA (Closes: #776281).
+ * debian/libwebkit2gtk-4.0-doc.links:
+ + Add symbolic link to make the documentation appear in devhelp
+ (Closes: #777589).
+ * debian/patches/fix-gstreamer-leak.patch:
+ + Fix memory leak in GStreamer code.
+ * debian/patches/remote-inspector.patch:
+ + Make the remote inspector work again.
+ * debian/patches/render-block-cast.patch:
+ + Fix invalid cast in WebCore::RenderBlock::blockSelectionGaps.
+ * debian/patches/fix-jit-crash.patch:
+ + Fix crash in SpeculativeJIT::compile() when loading theblaze.com.
+ * debian/patches/fix-null-renderer.patch:
+ + NULL pointer check in HTMLPlugInImageElement.
+ * debian/patches/fix-integer-overflow.patch:
+ + Fix crash due to integer overflow.
+ * debian/patches/serialized-script-value.patch:
+ + Prevent unsafe access to internal types.
+ * debian/patches/http-latin1.patch:
+ + HTTP header values should be treated as latin1, not UTF-8.
+ * debian/patches/fix-null-string-conversion.patch:
+ + Add NULL check to convertToUTF8String().
+ * debian/patches/fix-timers-animations.patch:
+ + Timers might never be fired during animations.
+ * debian/patches/fix-ax-crash.patch:
+ + Recursive crash at WebCore::accessibleNameForNode.
+ * debian/patches/fix-clearselection-segfault.patch:
+ + Fix segfault when calling clearSelection on a detached RenderObject.
+ * debian/patches/fix-date.patch:
+ + String(new Date(Mar 30 2014 01:00:00)) is wrong in CET.
+ * debian/patches/check-tls-errors.patch:
+ + Check TLS errors as soon as they are set in the SoupMessage.
+
+ -- Alberto Garcia <berto@igalia.com> Fri, 06 Mar 2015 09:33:11 +0200
+
webkit2gtk (2.6.2+dfsg1-3) unstable; urgency=medium
* debian/patches/no-ssl-record-version.patch:
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/libwebkit2gtk-4.0-doc.links webkit2gtk-2.6.2+dfsg1/debian/libwebkit2gtk-4.0-doc.links
--- webkit2gtk-2.6.2+dfsg1/debian/libwebkit2gtk-4.0-doc.links 2014-12-07 18:53:35.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/libwebkit2gtk-4.0-doc.links 2015-03-06 09:33:28.000000000 +0200
@@ -1 +1,2 @@
usr/share/doc/libwebkit2gtk-4.0-doc/html usr/share/gtk-doc/html/webkit2gtk-4.0
+usr/share/doc/libwebkit2gtk-4.0-doc/html/webkit2gtk.devhelp2.gz usr/share/doc/libwebkit2gtk-4.0-doc/html/webkit2gtk-4.0.devhelp2.gz
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/check-tls-errors.patch webkit2gtk-2.6.2+dfsg1/debian/patches/check-tls-errors.patch
--- webkit2gtk-2.6.2+dfsg1/debian/patches/check-tls-errors.patch 1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/check-tls-errors.patch 2015-03-06 09:33:28.000000000 +0200
@@ -0,0 +1,121 @@
+From: Carlos Garcia Campos <carlosgc@webkit.org>
+Subject: Check TLS errors as soon as they are set in the SoupMessage
+Bug: https://bugs.webkit.org/show_bug.cgi?id=142244
+Origin: http://trac.webkit.org/changeset/181074
+Index: webkitgtk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
++++ webkitgtk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
+@@ -331,16 +331,21 @@ static bool handleUnignoredTLSErrors(Res
+ return true;
+ }
+
+-static void gotHeadersCallback(SoupMessage* message, gpointer data)
++static void tlsErrorsChangedCallback(SoupMessage* message, GParamSpec*, gpointer data)
+ {
+ ResourceHandle* handle = static_cast<ResourceHandle*>(data);
+ if (!handle || handle->cancelledOrClientless())
+ return;
+
+- if (handleUnignoredTLSErrors(handle, message)) {
++ if (handleUnignoredTLSErrors(handle, message))
+ handle->cancel();
++}
++
++static void gotHeadersCallback(SoupMessage* message, gpointer data)
++{
++ ResourceHandle* handle = static_cast<ResourceHandle*>(data);
++ if (!handle || handle->cancelledOrClientless())
+ return;
+- }
+
+ ResourceHandleInternal* d = handle->getInternal();
+
+@@ -931,6 +936,7 @@ static bool createSoupMessageForHandleAn
+ && (!request.httpBody() || request.httpBody()->isEmpty()))
+ soup_message_headers_set_content_length(soupMessage->request_headers, 0);
+
++ g_signal_connect(d->m_soupMessage.get(), "notify::tls-errors", G_CALLBACK(tlsErrorsChangedCallback), handle);
+ g_signal_connect(d->m_soupMessage.get(), "got-headers", G_CALLBACK(gotHeadersCallback), handle);
+ g_signal_connect(d->m_soupMessage.get(), "wrote-body-data", G_CALLBACK(wroteBodyDataCallback), handle);
+
+Index: webkitgtk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp
+===================================================================
+--- webkitgtk.orig/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp
++++ webkitgtk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp
+@@ -129,16 +129,21 @@ static void testInsecureContent(Insecure
+ webkit_web_context_set_tls_errors_policy(context, originalPolicy);
+ }
+
++static bool assertIfSSLRequestProcessed = false;
++
+ static void testTLSErrorsPolicy(SSLTest* test, gconstpointer)
+ {
+ WebKitWebContext* context = webkit_web_view_get_context(test->m_webView);
+ // TLS errors are treated as transport failures by default.
+ g_assert(webkit_web_context_get_tls_errors_policy(context) == WEBKIT_TLS_ERRORS_POLICY_FAIL);
++
++ assertIfSSLRequestProcessed = true;
+ test->loadURI(kHttpsServer->getURIForPath("/").data());
+ test->waitUntilLoadFinished();
+ g_assert(test->m_loadFailed);
+ g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
+ g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
++ assertIfSSLRequestProcessed = false;
+
+ webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
+ g_assert(webkit_web_context_get_tls_errors_policy(context) == WEBKIT_TLS_ERRORS_POLICY_IGNORE);
+@@ -158,11 +163,13 @@ static void testTLSErrorsRedirect(SSLTes
+ WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context);
+ webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
+
++ assertIfSSLRequestProcessed = true;
+ test->loadURI(kHttpsServer->getURIForPath("/redirect").data());
+ test->waitUntilLoadFinished();
+ g_assert(test->m_loadFailed);
+ g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
+ g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
++ assertIfSSLRequestProcessed = false;
+
+ webkit_web_context_set_tls_errors_policy(context, originalPolicy);
+ }
+@@ -180,12 +187,14 @@ static void testTLSErrorsHTTPAuth(SSLTes
+ WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context);
+ webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
+
++ assertIfSSLRequestProcessed = true;
+ g_signal_connect(test->m_webView, "authenticate", G_CALLBACK(webViewAuthenticationCallback), NULL);
+ test->loadURI(kHttpsServer->getURIForPath("/auth").data());
+ test->waitUntilLoadFinished();
+ g_assert(test->m_loadFailed);
+ g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
+ g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
++ assertIfSSLRequestProcessed = false;
+
+ webkit_web_context_set_tls_errors_policy(context, originalPolicy);
+ }
+@@ -235,6 +244,7 @@ static void testLoadFailedWithTLSErrors(
+ WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context);
+ webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
+
++ assertIfSSLRequestProcessed = true;
+ // The load-failed-with-tls-errors signal should be emitted when there is a TLS failure.
+ test->loadURI(kHttpsServer->getURIForPath("/test-tls/").data());
+ test->waitUntilLoadFinished();
+@@ -244,6 +254,7 @@ static void testLoadFailedWithTLSErrors(
+ g_assert_cmpint(test->m_loadEvents[0], ==, LoadTrackingTest::ProvisionalLoadStarted);
+ g_assert_cmpint(test->m_loadEvents[1], ==, LoadTrackingTest::LoadFailedWithTLSErrors);
+ g_assert_cmpint(test->m_loadEvents[2], ==, LoadTrackingTest::LoadFinished);
++ assertIfSSLRequestProcessed = false;
+
+ // Test allowing an exception for this certificate on this host.
+ webkit_web_context_allow_tls_certificate_for_host(context, test->certificate(), test->host());
+@@ -267,6 +278,8 @@ static void httpsServerCallback(SoupServ
+ return;
+ }
+
++ g_assert(!assertIfSSLRequestProcessed);
++
+ if (g_str_equal(path, "/")) {
+ soup_message_set_status(message, SOUP_STATUS_OK);
+ soup_message_body_append(message->response_body, SOUP_MEMORY_STATIC, indexHTML, strlen(indexHTML));
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/fix-ax-crash.patch webkit2gtk-2.6.2+dfsg1/debian/patches/fix-ax-crash.patch
--- webkit2gtk-2.6.2+dfsg1/debian/patches/fix-ax-crash.patch 1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/fix-ax-crash.patch 2015-03-06 09:33:28.000000000 +0200
@@ -0,0 +1,75 @@
+From: Carlos Garcia Campos <carlosgc@webkit.org>
+Subject: Recursive crash at WebCore::accessibleNameForNode
+Bug: https://bugs.webkit.org/show_bug.cgi?id=139616
+Origin: http://trac.webkit.org/changeset/178359
+Index: webkitgtk/Source/WebCore/accessibility/AccessibilityNodeObject.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/accessibility/AccessibilityNodeObject.cpp
++++ webkitgtk/Source/WebCore/accessibility/AccessibilityNodeObject.cpp
+@@ -86,7 +86,7 @@ namespace WebCore {
+
+ using namespace HTMLNames;
+
+-static String accessibleNameForNode(Node*);
++static String accessibleNameForNode(Node* node, Node* labelledbyNode = nullptr);
+
+ AccessibilityNodeObject::AccessibilityNodeObject(Node* node)
+ : AccessibilityObject()
+@@ -1664,6 +1664,8 @@ String AccessibilityNodeObject::textUnde
+
+ StringBuilder builder;
+ for (AccessibilityObject* child = firstChild(); child; child = child->nextSibling()) {
++ if (mode.ignoredChildNode && child->node() == mode.ignoredChildNode)
++ continue;
+
+ bool shouldDeriveNameFromAuthor = (mode.childrenInclusion == AccessibilityTextUnderElementMode::TextUnderElementModeIncludeNameFromContentsChildren && !child->accessibleNameDerivesFromContent());
+ if (shouldDeriveNameFromAuthor) {
+@@ -1840,7 +1842,7 @@ void AccessibilityNodeObject::colorValue
+
+ // This function implements the ARIA accessible name as described by the Mozilla
+ // ARIA Implementer's Guide.
+-static String accessibleNameForNode(Node* node)
++static String accessibleNameForNode(Node* node, Node* labelledbyNode)
+ {
+ ASSERT(node);
+ if (!node || !node->isElementNode())
+@@ -1870,7 +1872,7 @@ static String accessibleNameForNode(Node
+ String text;
+ if (axObject) {
+ if (axObject->accessibleNameDerivesFromContent())
+- text = axObject->textUnderElement(AccessibilityTextUnderElementMode(AccessibilityTextUnderElementMode::TextUnderElementModeIncludeNameFromContentsChildren, true));
++ text = axObject->textUnderElement(AccessibilityTextUnderElementMode(AccessibilityTextUnderElementMode::TextUnderElementModeIncludeNameFromContentsChildren, true, labelledbyNode));
+ } else
+ text = element->innerText();
+
+@@ -1889,7 +1891,7 @@ String AccessibilityNodeObject::accessib
+ StringBuilder builder;
+ unsigned size = elements.size();
+ for (unsigned i = 0; i < size; ++i)
+- appendNameToStringBuilder(builder, accessibleNameForNode(elements[i]));
++ appendNameToStringBuilder(builder, accessibleNameForNode(elements[i], node()));
+ return builder.toString();
+ }
+
+Index: webkitgtk/Source/WebCore/accessibility/AccessibilityObject.h
+===================================================================
+--- webkitgtk.orig/Source/WebCore/accessibility/AccessibilityObject.h
++++ webkitgtk/Source/WebCore/accessibility/AccessibilityObject.h
+@@ -253,11 +253,13 @@ struct AccessibilityTextUnderElementMode
+
+ ChildrenInclusion childrenInclusion;
+ bool includeFocusableContent;
++ Node* ignoredChildNode;
+
+- AccessibilityTextUnderElementMode(ChildrenInclusion c = TextUnderElementModeSkipIgnoredChildren, bool i = false)
+- : childrenInclusion(c)
+- , includeFocusableContent(i)
+- { }
++ AccessibilityTextUnderElementMode(ChildrenInclusion c = TextUnderElementModeSkipIgnoredChildren, bool i = false, Node* ignored = nullptr)
++ : childrenInclusion(c)
++ , includeFocusableContent(i)
++ , ignoredChildNode(ignored)
++ { }
+ };
+
+ enum AccessibilityOrientation {
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/fix-clearselection-segfault.patch webkit2gtk-2.6.2+dfsg1/debian/patches/fix-clearselection-segfault.patch
--- webkit2gtk-2.6.2+dfsg1/debian/patches/fix-clearselection-segfault.patch 1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/fix-clearselection-segfault.patch 2015-03-06 09:33:28.000000000 +0200
@@ -0,0 +1,39 @@
+From: Carlos Garcia Campos <carlosgc@webkit.org>
+Subject: Fix segfault when calling clearSelection on a detached RenderObject
+Bug: https://bugs.webkit.org/show_bug.cgi?id=140275
+Origin: http://trac.webkit.org/changeset/178360
+Index: webkitgtk/Source/WebCore/rendering/RenderBox.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/rendering/RenderBox.cpp
++++ webkitgtk/Source/WebCore/rendering/RenderBox.cpp
+@@ -1828,6 +1828,8 @@ LayoutUnit RenderBox::containingBlockLog
+ #endif
+
+ RenderBlock* cb = containingBlock();
++ if (!cb)
++ return LayoutUnit();
+ return cb->availableLogicalWidth();
+ }
+
+@@ -1839,6 +1841,8 @@ LayoutUnit RenderBox::containingBlockLog
+ #endif
+
+ RenderBlock* cb = containingBlock();
++ if (!cb)
++ return LayoutUnit();
+ return cb->availableLogicalHeight(heightType);
+ }
+
+Index: webkitgtk/Source/WebCore/rendering/RenderView.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/rendering/RenderView.cpp
++++ webkitgtk/Source/WebCore/rendering/RenderView.cpp
+@@ -1105,7 +1105,7 @@ void RenderView::getSelection(RenderObje
+ void RenderView::clearSelection()
+ {
+ layer()->repaintBlockSelectionGaps();
+- setSelection(0, -1, 0, -1, RepaintNewMinusOld);
++ setSelection(nullptr, -1, nullptr, -1, RepaintNewMinusOld);
+ }
+
+ bool RenderView::printing() const
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/fix-date.patch webkit2gtk-2.6.2+dfsg1/debian/patches/fix-date.patch
--- webkit2gtk-2.6.2+dfsg1/debian/patches/fix-date.patch 1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/fix-date.patch 2015-03-06 09:33:28.000000000 +0200
@@ -0,0 +1,477 @@
+From: Carlos Garcia Campos <carlosgc@webkit.org>
+Subject: String(new Date(Mar 30 2014 01:00:00)) is wrong in CET
+Bug: https://bugs.webkit.org/show_bug.cgi?id=130967
+Origin: http://trac.webkit.org/changeset/175904
+Index: webkitgtk/Source/JavaScriptCore/runtime/DateConstructor.cpp
+===================================================================
+--- webkitgtk.orig/Source/JavaScriptCore/runtime/DateConstructor.cpp
++++ webkitgtk/Source/JavaScriptCore/runtime/DateConstructor.cpp
+@@ -166,7 +166,7 @@ JSObject* constructDate(ExecState* exec,
+ t.setSecond(JSC::toInt32(doubleArguments[5]));
+ t.setIsDST(-1);
+ double ms = (numArgs >= 7) ? doubleArguments[6] : 0;
+- value = gregorianDateTimeToMS(vm, t, ms, false);
++ value = gregorianDateTimeToMS(vm, t, ms, WTF::LocalTime);
+ }
+ }
+
+@@ -190,7 +190,7 @@ static EncodedJSValue JSC_HOST_CALL call
+ {
+ VM& vm = exec->vm();
+ GregorianDateTime ts;
+- msToGregorianDateTime(vm, currentTimeMS(), false, ts);
++ msToGregorianDateTime(vm, currentTimeMS(), WTF::LocalTime, ts);
+ return JSValue::encode(jsNontrivialString(&vm, formatDateTime(ts, DateTimeFormatDateAndTime, false)));
+ }
+
+@@ -244,7 +244,7 @@ EncodedJSValue JSC_HOST_CALL dateUTC(Exe
+ t.setMinute(JSC::toInt32(doubleArguments[4]));
+ t.setSecond(JSC::toInt32(doubleArguments[5]));
+ double ms = (n >= 7) ? doubleArguments[6] : 0;
+- return JSValue::encode(jsNumber(timeClip(gregorianDateTimeToMS(exec->vm(), t, ms, true))));
++ return JSValue::encode(jsNumber(timeClip(gregorianDateTimeToMS(exec->vm(), t, ms, WTF::UTCTime))));
+ }
+
+ } // namespace JSC
+Index: webkitgtk/Source/JavaScriptCore/runtime/DateInstance.cpp
+===================================================================
+--- webkitgtk.orig/Source/JavaScriptCore/runtime/DateInstance.cpp
++++ webkitgtk/Source/JavaScriptCore/runtime/DateInstance.cpp
+@@ -69,7 +69,7 @@ const GregorianDateTime* DateInstance::c
+ m_data = vm.dateInstanceCache.add(milli);
+
+ if (m_data->m_gregorianDateTimeCachedForMS != milli) {
+- msToGregorianDateTime(vm, milli, false, m_data->m_cachedGregorianDateTime);
++ msToGregorianDateTime(vm, milli, WTF::LocalTime, m_data->m_cachedGregorianDateTime);
+ m_data->m_gregorianDateTimeCachedForMS = milli;
+ }
+ return &m_data->m_cachedGregorianDateTime;
+@@ -86,7 +86,7 @@ const GregorianDateTime* DateInstance::c
+ m_data = vm.dateInstanceCache.add(milli);
+
+ if (m_data->m_gregorianDateTimeUTCCachedForMS != milli) {
+- msToGregorianDateTime(vm, milli, true, m_data->m_cachedGregorianDateTimeUTC);
++ msToGregorianDateTime(vm, milli, WTF::UTCTime, m_data->m_cachedGregorianDateTimeUTC);
+ m_data->m_gregorianDateTimeUTCCachedForMS = milli;
+ }
+ return &m_data->m_cachedGregorianDateTimeUTC;
+Index: webkitgtk/Source/JavaScriptCore/runtime/DatePrototype.cpp
+===================================================================
+--- webkitgtk.orig/Source/JavaScriptCore/runtime/DatePrototype.cpp
++++ webkitgtk/Source/JavaScriptCore/runtime/DatePrototype.cpp
+@@ -859,7 +859,7 @@ EncodedJSValue JSC_HOST_CALL dateProtoFu
+ return JSValue::encode(result);
+ }
+
+-static EncodedJSValue setNewValueFromTimeArgs(ExecState* exec, int numArgsToUse, bool inputIsUTC)
++static EncodedJSValue setNewValueFromTimeArgs(ExecState* exec, int numArgsToUse, WTF::TimeType inputTimeType)
+ {
+ JSValue thisValue = exec->thisValue();
+ if (!thisValue.inherits(DateInstance::info()))
+@@ -878,7 +878,7 @@ static EncodedJSValue setNewValueFromTim
+ double secs = floor(milli / msPerSecond);
+ double ms = milli - secs * msPerSecond;
+
+- const GregorianDateTime* other = inputIsUTC
++ const GregorianDateTime* other = inputTimeType == WTF::UTCTime
+ ? thisDateObj->gregorianDateTimeUTC(exec)
+ : thisDateObj->gregorianDateTime(exec);
+ if (!other)
+@@ -892,12 +892,12 @@ static EncodedJSValue setNewValueFromTim
+ return JSValue::encode(result);
+ }
+
+- JSValue result = jsNumber(gregorianDateTimeToMS(vm, gregorianDateTime, ms, inputIsUTC));
++ JSValue result = jsNumber(gregorianDateTimeToMS(vm, gregorianDateTime, ms, inputTimeType));
+ thisDateObj->setInternalValue(vm, result);
+ return JSValue::encode(result);
+ }
+
+-static EncodedJSValue setNewValueFromDateArgs(ExecState* exec, int numArgsToUse, bool inputIsUTC)
++static EncodedJSValue setNewValueFromDateArgs(ExecState* exec, int numArgsToUse, WTF::TimeType inputTimeType)
+ {
+ JSValue thisValue = exec->thisValue();
+ if (!thisValue.inherits(DateInstance::info()))
+@@ -916,10 +916,10 @@ static EncodedJSValue setNewValueFromDat
+
+ GregorianDateTime gregorianDateTime;
+ if (numArgsToUse == 3 && std::isnan(milli))
+- msToGregorianDateTime(vm, 0, true, gregorianDateTime);
++ msToGregorianDateTime(vm, 0, WTF::UTCTime, gregorianDateTime);
+ else {
+ ms = milli - floor(milli / msPerSecond) * msPerSecond;
+- const GregorianDateTime* other = inputIsUTC
++ const GregorianDateTime* other = inputTimeType == WTF::UTCTime
+ ? thisDateObj->gregorianDateTimeUTC(exec)
+ : thisDateObj->gregorianDateTime(exec);
+ if (!other)
+@@ -933,93 +933,93 @@ static EncodedJSValue setNewValueFromDat
+ return JSValue::encode(result);
+ }
+
+- JSValue result = jsNumber(gregorianDateTimeToMS(vm, gregorianDateTime, ms, inputIsUTC));
++ JSValue result = jsNumber(gregorianDateTimeToMS(vm, gregorianDateTime, ms, inputTimeType));
+ thisDateObj->setInternalValue(vm, result);
+ return JSValue::encode(result);
+ }
+
+ EncodedJSValue JSC_HOST_CALL dateProtoFuncSetMilliSeconds(ExecState* exec)
+ {
+- const bool inputIsUTC = false;
+- return setNewValueFromTimeArgs(exec, 1, inputIsUTC);
++ const WTF::TimeType inputTimeType = WTF::LocalTime;
++ return setNewValueFromTimeArgs(exec, 1, inputTimeType);
+ }
+
+ EncodedJSValue JSC_HOST_CALL dateProtoFuncSetUTCMilliseconds(ExecState* exec)
+ {
+- const bool inputIsUTC = true;
+- return setNewValueFromTimeArgs(exec, 1, inputIsUTC);
++ const WTF::TimeType inputTimeType = WTF::UTCTime;
++ return setNewValueFromTimeArgs(exec, 1, inputTimeType);
+ }
+
+ EncodedJSValue JSC_HOST_CALL dateProtoFuncSetSeconds(ExecState* exec)
+ {
+- const bool inputIsUTC = false;
+- return setNewValueFromTimeArgs(exec, 2, inputIsUTC);
++ const WTF::TimeType inputTimeType = WTF::LocalTime;
++ return setNewValueFromTimeArgs(exec, 2, inputTimeType);
+ }
+
+ EncodedJSValue JSC_HOST_CALL dateProtoFuncSetUTCSeconds(ExecState* exec)
+ {
+- const bool inputIsUTC = true;
+- return setNewValueFromTimeArgs(exec, 2, inputIsUTC);
++ const WTF::TimeType inputTimeType = WTF::UTCTime;
++ return setNewValueFromTimeArgs(exec, 2, inputTimeType);
+ }
+
+ EncodedJSValue JSC_HOST_CALL dateProtoFuncSetMinutes(ExecState* exec)
+ {
+- const bool inputIsUTC = false;
+- return setNewValueFromTimeArgs(exec, 3, inputIsUTC);
++ const WTF::TimeType inputTimeType = WTF::LocalTime;
++ return setNewValueFromTimeArgs(exec, 3, inputTimeType);
+ }
+
+ EncodedJSValue JSC_HOST_CALL dateProtoFuncSetUTCMinutes(ExecState* exec)
+ {
+- const bool inputIsUTC = true;
+- return setNewValueFromTimeArgs(exec, 3, inputIsUTC);
++ const WTF::TimeType inputTimeType = WTF::UTCTime;
++ return setNewValueFromTimeArgs(exec, 3, inputTimeType);
+ }
+
+ EncodedJSValue JSC_HOST_CALL dateProtoFuncSetHours(ExecState* exec)
+ {
+- const bool inputIsUTC = false;
+- return setNewValueFromTimeArgs(exec, 4, inputIsUTC);
++ const WTF::TimeType inputTimeType = WTF::LocalTime;
++ return setNewValueFromTimeArgs(exec, 4, inputTimeType);
+ }
+
+ EncodedJSValue JSC_HOST_CALL dateProtoFuncSetUTCHours(ExecState* exec)
+ {
+- const bool inputIsUTC = true;
+- return setNewValueFromTimeArgs(exec, 4, inputIsUTC);
++ const WTF::TimeType inputTimeType = WTF::UTCTime;
++ return setNewValueFromTimeArgs(exec, 4, inputTimeType);
+ }
+
+ EncodedJSValue JSC_HOST_CALL dateProtoFuncSetDate(ExecState* exec)
+ {
+- const bool inputIsUTC = false;
+- return setNewValueFromDateArgs(exec, 1, inputIsUTC);
++ const WTF::TimeType inputTimeType = WTF::LocalTime;
++ return setNewValueFromDateArgs(exec, 1, inputTimeType);
+ }
+
+ EncodedJSValue JSC_HOST_CALL dateProtoFuncSetUTCDate(ExecState* exec)
+ {
+- const bool inputIsUTC = true;
+- return setNewValueFromDateArgs(exec, 1, inputIsUTC);
++ const WTF::TimeType inputTimeType = WTF::UTCTime;
++ return setNewValueFromDateArgs(exec, 1, inputTimeType);
+ }
+
+ EncodedJSValue JSC_HOST_CALL dateProtoFuncSetMonth(ExecState* exec)
+ {
+- const bool inputIsUTC = false;
+- return setNewValueFromDateArgs(exec, 2, inputIsUTC);
++ const WTF::TimeType inputTimeType = WTF::LocalTime;
++ return setNewValueFromDateArgs(exec, 2, inputTimeType);
+ }
+
+ EncodedJSValue JSC_HOST_CALL dateProtoFuncSetUTCMonth(ExecState* exec)
+ {
+- const bool inputIsUTC = true;
+- return setNewValueFromDateArgs(exec, 2, inputIsUTC);
++ const WTF::TimeType inputTimeType = WTF::UTCTime;
++ return setNewValueFromDateArgs(exec, 2, inputTimeType);
+ }
+
+ EncodedJSValue JSC_HOST_CALL dateProtoFuncSetFullYear(ExecState* exec)
+ {
+- const bool inputIsUTC = false;
+- return setNewValueFromDateArgs(exec, 3, inputIsUTC);
++ const WTF::TimeType inputTimeType = WTF::LocalTime;
++ return setNewValueFromDateArgs(exec, 3, inputTimeType);
+ }
+
+ EncodedJSValue JSC_HOST_CALL dateProtoFuncSetUTCFullYear(ExecState* exec)
+ {
+- const bool inputIsUTC = true;
+- return setNewValueFromDateArgs(exec, 3, inputIsUTC);
++ const WTF::TimeType inputTimeType = WTF::UTCTime;
++ return setNewValueFromDateArgs(exec, 3, inputTimeType);
+ }
+
+ EncodedJSValue JSC_HOST_CALL dateProtoFuncSetYear(ExecState* exec)
+@@ -1043,7 +1043,7 @@ EncodedJSValue JSC_HOST_CALL dateProtoFu
+ if (std::isnan(milli))
+ // Based on ECMA 262 B.2.5 (setYear)
+ // the time must be reset to +0 if it is NaN.
+- msToGregorianDateTime(vm, 0, true, gregorianDateTime);
++ msToGregorianDateTime(vm, 0, WTF::UTCTime, gregorianDateTime);
+ else {
+ double secs = floor(milli / msPerSecond);
+ ms = milli - secs * msPerSecond;
+@@ -1059,7 +1059,7 @@ EncodedJSValue JSC_HOST_CALL dateProtoFu
+ }
+
+ gregorianDateTime.setYear(toInt32((year >= 0 && year <= 99) ? (year + 1900) : year));
+- JSValue result = jsNumber(gregorianDateTimeToMS(vm, gregorianDateTime, ms, false));
++ JSValue result = jsNumber(gregorianDateTimeToMS(vm, gregorianDateTime, ms, WTF::LocalTime));
+ thisDateObj->setInternalValue(vm, result);
+ return JSValue::encode(result);
+ }
+Index: webkitgtk/Source/JavaScriptCore/runtime/JSDateMath.cpp
+===================================================================
+--- webkitgtk.orig/Source/JavaScriptCore/runtime/JSDateMath.cpp
++++ webkitgtk/Source/JavaScriptCore/runtime/JSDateMath.cpp
+@@ -132,13 +132,14 @@ static inline int msToWeekDay(double ms)
+ // NOTE: The implementation relies on the fact that no time zones have
+ // more than one daylight savings offset change per month.
+ // If this function is called with NaN it returns NaN.
+-static LocalTimeOffset localTimeOffset(VM& vm, double ms)
++static LocalTimeOffset localTimeOffset(VM& vm, double ms, WTF::TimeType inputTimeType = WTF::UTCTime)
+ {
+ LocalTimeOffsetCache& cache = vm.localTimeOffsetCache;
+ double start = cache.start;
+ double end = cache.end;
++ WTF::TimeType cachedTimeType = cache.timeType;
+
+- if (start <= ms) {
++ if (cachedTimeType == inputTimeType && start <= ms) {
+ // If the time fits in the cached interval, return the cached offset.
+ if (ms <= end) return cache.offset;
+
+@@ -146,7 +147,7 @@ static LocalTimeOffset localTimeOffset(V
+ double newEnd = end + cache.increment;
+
+ if (ms <= newEnd) {
+- LocalTimeOffset endOffset = calculateLocalTimeOffset(newEnd);
++ LocalTimeOffset endOffset = calculateLocalTimeOffset(newEnd, inputTimeType);
+ if (cache.offset == endOffset) {
+ // If the offset at the end of the new interval still matches
+ // the offset in the cache, we grow the cached time interval
+@@ -155,7 +156,7 @@ static LocalTimeOffset localTimeOffset(V
+ cache.increment = msPerMonth;
+ return endOffset;
+ }
+- LocalTimeOffset offset = calculateLocalTimeOffset(ms);
++ LocalTimeOffset offset = calculateLocalTimeOffset(ms, inputTimeType);
+ if (offset == endOffset) {
+ // The offset at the given time is equal to the offset at the
+ // new end of the interval, so that means that we've just skipped
+@@ -180,31 +181,31 @@ static LocalTimeOffset localTimeOffset(V
+ // Compute the DST offset for the time and shrink the cache interval
+ // to only contain the time. This allows fast repeated DST offset
+ // computations for the same time.
+- LocalTimeOffset offset = calculateLocalTimeOffset(ms);
++ LocalTimeOffset offset = calculateLocalTimeOffset(ms, inputTimeType);
+ cache.offset = offset;
+ cache.start = ms;
+ cache.end = ms;
+ cache.increment = msPerMonth;
++ cache.timeType = inputTimeType;
+ return offset;
+ }
+
+-double gregorianDateTimeToMS(VM& vm, const GregorianDateTime& t, double milliSeconds, bool inputIsUTC)
++double gregorianDateTimeToMS(VM& vm, const GregorianDateTime& t, double milliSeconds, WTF::TimeType inputTimeType)
+ {
+ double day = dateToDaysFrom1970(t.year(), t.month(), t.monthDay());
+ double ms = timeToMS(t.hour(), t.minute(), t.second(), milliSeconds);
+- double result = (day * WTF::msPerDay) + ms;
++ double localTimeResult = (day * WTF::msPerDay) + ms;
++ double localToUTCTimeOffset = inputTimeType == LocalTime
++ ? localTimeOffset(vm, localTimeResult, inputTimeType).offset : 0;
+
+- if (!inputIsUTC)
+- result -= localTimeOffset(vm, result).offset;
+-
+- return result;
++ return localTimeResult - localToUTCTimeOffset;
+ }
+
+ // input is UTC
+-void msToGregorianDateTime(VM& vm, double ms, bool outputIsUTC, GregorianDateTime& tm)
++void msToGregorianDateTime(VM& vm, double ms, WTF::TimeType outputTimeType, GregorianDateTime& tm)
+ {
+ LocalTimeOffset localTime;
+- if (!outputIsUTC) {
++ if (outputTimeType == WTF::LocalTime) {
+ localTime = localTimeOffset(vm, ms);
+ ms += localTime.offset;
+ }
+@@ -226,15 +227,15 @@ double parseDateFromNullTerminatedCharac
+ {
+ bool haveTZ;
+ int offset;
+- double ms = WTF::parseDateFromNullTerminatedCharacters(dateString, haveTZ, offset);
+- if (std::isnan(ms))
++ double localTimeMS = WTF::parseDateFromNullTerminatedCharacters(dateString, haveTZ, offset);
++ if (std::isnan(localTimeMS))
+ return std::numeric_limits<double>::quiet_NaN();
+
+- // fall back to local timezone
++ // fall back to local timezone.
+ if (!haveTZ)
+- offset = localTimeOffset(vm, ms).offset / WTF::msPerMinute;
++ offset = localTimeOffset(vm, localTimeMS, WTF::LocalTime).offset / WTF::msPerMinute;
+
+- return ms - (offset * WTF::msPerMinute);
++ return localTimeMS - (offset * WTF::msPerMinute);
+ }
+
+ double parseDate(VM& vm, const String& date)
+Index: webkitgtk/Source/JavaScriptCore/runtime/JSDateMath.h
+===================================================================
+--- webkitgtk.orig/Source/JavaScriptCore/runtime/JSDateMath.h
++++ webkitgtk/Source/JavaScriptCore/runtime/JSDateMath.h
+@@ -50,8 +50,8 @@ namespace JSC {
+
+ class VM;
+
+-JS_EXPORT_PRIVATE void msToGregorianDateTime(VM&, double, bool outputIsUTC, GregorianDateTime&);
+-JS_EXPORT_PRIVATE double gregorianDateTimeToMS(VM&, const GregorianDateTime&, double, bool inputIsUTC);
++JS_EXPORT_PRIVATE void msToGregorianDateTime(VM&, double, WTF::TimeType outputTimeType, GregorianDateTime&);
++JS_EXPORT_PRIVATE double gregorianDateTimeToMS(VM&, const GregorianDateTime&, double, WTF::TimeType inputTimeType);
+ JS_EXPORT_PRIVATE double getUTCOffset(VM&);
+ JS_EXPORT_PRIVATE double parseDateFromNullTerminatedCharacters(VM&, const char* dateString);
+ JS_EXPORT_PRIVATE double parseDate(VM&, const WTF::String&);
+Index: webkitgtk/Source/JavaScriptCore/runtime/VM.h
+===================================================================
+--- webkitgtk.orig/Source/JavaScriptCore/runtime/VM.h
++++ webkitgtk/Source/JavaScriptCore/runtime/VM.h
+@@ -133,6 +133,7 @@ struct LocalTimeOffsetCache {
+ : start(0.0)
+ , end(-1.0)
+ , increment(0.0)
++ , timeType(WTF::UTCTime)
+ {
+ }
+
+@@ -142,12 +143,14 @@ struct LocalTimeOffsetCache {
+ start = 0.0;
+ end = -1.0;
+ increment = 0.0;
++ timeType = WTF::UTCTime;
+ }
+
+ LocalTimeOffset offset;
+ double start;
+ double end;
+ double increment;
++ WTF::TimeType timeType;
+ };
+
+ class ConservativeRoots;
+Index: webkitgtk/Source/WTF/wtf/DateMath.cpp
+===================================================================
+--- webkitgtk.orig/Source/WTF/wtf/DateMath.cpp
++++ webkitgtk/Source/WTF/wtf/DateMath.cpp
+@@ -363,8 +363,6 @@ int equivalentYearForDST(int year)
+ return year;
+ }
+
+-#if !HAVE(TM_GMTOFF)
+-
+ static int32_t calculateUTCOffset()
+ {
+ #if OS(WINDOWS)
+@@ -406,6 +404,8 @@ static int32_t calculateUTCOffset()
+ #endif
+ }
+
++#if !HAVE(TM_GMTOFF)
++
+ #if OS(WINDOWS)
+ // Code taken from http://support.microsoft.com/kb/167296
+ static void UnixTimeToFileTime(time_t t, LPFILETIME pft)
+@@ -467,8 +467,16 @@ static double calculateDSTOffset(time_t
+ #endif
+
+ // Returns combined offset in millisecond (UTC + DST).
+-LocalTimeOffset calculateLocalTimeOffset(double ms)
++LocalTimeOffset calculateLocalTimeOffset(double ms, TimeType inputTimeType)
+ {
++#if HAVE(TM_GMTOFF)
++ double localToUTCTimeOffset = inputTimeType == LocalTime ? calculateUTCOffset() : 0;
++#else
++ double localToUTCTimeOffset = calculateUTCOffset();
++#endif
++ if (inputTimeType == LocalTime)
++ ms -= localToUTCTimeOffset;
++
+ // On Mac OS X, the call to localtime (see calculateDSTOffset) will return historically accurate
+ // DST information (e.g. New Zealand did not have DST from 1946 to 1974) however the JavaScript
+ // standard explicitly dictates that historical information should not be considered when
+@@ -498,9 +506,8 @@ LocalTimeOffset calculateLocalTimeOffset
+ getLocalTime(&localTime, &localTM);
+ return LocalTimeOffset(localTM.tm_isdst, localTM.tm_gmtoff * msPerSecond);
+ #else
+- double utcOffset = calculateUTCOffset();
+- double dstOffset = calculateDSTOffset(localTime, utcOffset);
+- return LocalTimeOffset(dstOffset, utcOffset + dstOffset);
++ double dstOffset = calculateDSTOffset(localTime, localToUTCTimeOffset);
++ return LocalTimeOffset(dstOffset, localToUTCTimeOffset + dstOffset);
+ #endif
+ }
+
+@@ -1091,7 +1098,7 @@ double parseDateFromNullTerminatedCharac
+
+ // fall back to local timezone
+ if (!haveTZ)
+- offset = calculateLocalTimeOffset(ms).offset / msPerMinute;
++ offset = calculateLocalTimeOffset(ms, LocalTime).offset / msPerMinute; // ms value is in local time milliseconds.
+
+ return ms - (offset * msPerMinute);
+ }
+Index: webkitgtk/Source/WTF/wtf/DateMath.h
+===================================================================
+--- webkitgtk.orig/Source/WTF/wtf/DateMath.h
++++ webkitgtk/Source/WTF/wtf/DateMath.h
+@@ -53,6 +53,11 @@
+
+ namespace WTF {
+
++enum TimeType {
++ UTCTime = 0,
++ LocalTime
++};
++
+ struct LocalTimeOffset {
+ LocalTimeOffset()
+ : isDST(false)
+@@ -126,7 +131,7 @@ WTF_EXPORT_PRIVATE int monthFromDayInYea
+ WTF_EXPORT_PRIVATE int dayInMonthFromDayInYear(int dayInYear, bool leapYear);
+
+ // Returns combined offset in millisecond (UTC + DST).
+-WTF_EXPORT_PRIVATE LocalTimeOffset calculateLocalTimeOffset(double utcInMilliseconds);
++WTF_EXPORT_PRIVATE LocalTimeOffset calculateLocalTimeOffset(double utcInMilliseconds, TimeType = UTCTime);
+
+ } // namespace WTF
+
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/fix-ftbfs-hppa.patch webkit2gtk-2.6.2+dfsg1/debian/patches/fix-ftbfs-hppa.patch
--- webkit2gtk-2.6.2+dfsg1/debian/patches/fix-ftbfs-hppa.patch 1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/fix-ftbfs-hppa.patch 2015-03-06 09:33:28.000000000 +0200
@@ -0,0 +1,28 @@
+From: Helge Deller <deller@gmx.de>
+Subject: Fix FTBFS in HPPA
+Bug-Debian: http://bugs.debian.org/776281
+Index: webkitgtk/CMakeLists.txt
+===================================================================
+--- webkitgtk.orig/CMakeLists.txt
++++ webkitgtk/CMakeLists.txt
+@@ -99,6 +99,8 @@ elseif (LOWERCASE_CMAKE_SYSTEM_PROCESSOR
+ set(WTF_CPU_PPC64 1)
+ elseif (LOWERCASE_CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64le")
+ set(WTF_CPU_PPC64LE 1)
++elseif (LOWERCASE_CMAKE_SYSTEM_PROCESSOR MATCHES "parisc*")
++ set(WTF_CPU_HPPA 1)
+ elseif (LOWERCASE_CMAKE_SYSTEM_PROCESSOR MATCHES "s390")
+ set(WTF_CPU_S390 1)
+ elseif (LOWERCASE_CMAKE_SYSTEM_PROCESSOR MATCHES "s390x")
+Index: webkitgtk/Source/JavaScriptCore/CMakeLists.txt
+===================================================================
+--- webkitgtk.orig/Source/JavaScriptCore/CMakeLists.txt
++++ webkitgtk/Source/JavaScriptCore/CMakeLists.txt
+@@ -1056,6 +1056,7 @@ if (WTF_CPU_ARM)
+ list(APPEND JavaScriptCore_SOURCES ${DERIVED_SOURCES_DIR}/GeneratedJITStubs.obj)
+ endif ()
+ elseif (WTF_CPU_ARM64)
++elseif (WTF_CPU_HPPA)
+ elseif (WTF_CPU_PPC)
+ elseif (WTF_CPU_PPC64)
+ elseif (WTF_CPU_PPC64LE)
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/fix-gstreamer-leak.patch webkit2gtk-2.6.2+dfsg1/debian/patches/fix-gstreamer-leak.patch
--- webkit2gtk-2.6.2+dfsg1/debian/patches/fix-gstreamer-leak.patch 1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/fix-gstreamer-leak.patch 2015-03-06 09:33:28.000000000 +0200
@@ -0,0 +1,116 @@
+From: Carlos Garcia Campos <carlosgc@webkit.org>
+Subject: Fix memory leak in GStreamer code
+Bug: https://bugs.webkit.org/show_bug.cgi?id=46560
+Origin: http://trac.webkit.org/changeset/175945
+Index: webkitgtk/Source/WebCore/platform/graphics/MediaPlayer.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/platform/graphics/MediaPlayer.cpp
++++ webkitgtk/Source/WebCore/platform/graphics/MediaPlayer.cpp
+@@ -130,7 +130,7 @@ public:
+ virtual double minTimeSeekable() const { return 0; }
+ virtual std::unique_ptr<PlatformTimeRanges> buffered() const { return PlatformTimeRanges::create(); }
+
+- virtual unsigned totalBytes() const { return 0; }
++ virtual unsigned long long totalBytes() const { return 0; }
+ virtual bool didLoadingProgress() const { return false; }
+
+ virtual void setSize(const IntSize&) { }
+Index: webkitgtk/Source/WebCore/platform/graphics/MediaPlayerPrivate.h
+===================================================================
+--- webkitgtk.orig/Source/WebCore/platform/graphics/MediaPlayerPrivate.h
++++ webkitgtk/Source/WebCore/platform/graphics/MediaPlayerPrivate.h
+@@ -130,6 +130,7 @@ public:
+ virtual MediaTime minMediaTimeSeekable() const { return MediaTime::createWithDouble(minTimeSeekable()); }
+ virtual std::unique_ptr<PlatformTimeRanges> buffered() const = 0;
+
++ virtual unsigned long long totalBytes() const { return 0; }
+ virtual bool didLoadingProgress() const = 0;
+
+ virtual void setSize(const IntSize&) = 0;
+@@ -242,8 +243,16 @@ public:
+
+ virtual String languageOfPrimaryAudioTrack() const { return emptyString(); }
+
+- virtual size_t extraMemoryCost() const { return 0; }
+-
++ virtual size_t extraMemoryCost() const
++ {
++ MediaTime duration = this->durationMediaTime();
++ if (!duration)
++ return 0;
++
++ unsigned long long extra = totalBytes() * buffered()->totalDuration().toDouble() / duration.toDouble();
++ return static_cast<unsigned>(extra);
++ }
++
+ virtual unsigned long long fileSize() const { return 0; }
+
+ #if ENABLE(MEDIA_SOURCE)
+Index: webkitgtk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp
++++ webkitgtk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp
+@@ -211,7 +211,7 @@ MediaPlayerPrivateGStreamer::MediaPlayer
+ , m_volumeAndMuteInitialized(false)
+ , m_hasVideo(false)
+ , m_hasAudio(false)
+- , m_totalBytes(-1)
++ , m_totalBytes(0)
+ , m_preservesPitch(false)
+ , m_requestedState(GST_STATE_VOID_PENDING)
+ , m_missingPlugins(false)
+@@ -1228,12 +1228,12 @@ bool MediaPlayerPrivateGStreamer::didLoa
+ return didLoadingProgress;
+ }
+
+-unsigned MediaPlayerPrivateGStreamer::totalBytes() const
++unsigned long long MediaPlayerPrivateGStreamer::totalBytes() const
+ {
+ if (m_errorOccured)
+ return 0;
+
+- if (m_totalBytes != -1)
++ if (m_totalBytes)
+ return m_totalBytes;
+
+ if (!m_source)
+@@ -1243,7 +1243,7 @@ unsigned MediaPlayerPrivateGStreamer::to
+ gint64 length = 0;
+ if (gst_element_query_duration(m_source.get(), fmt, &length)) {
+ INFO_MEDIA_MESSAGE("totalBytes %" G_GINT64_FORMAT, length);
+- m_totalBytes = static_cast<unsigned>(length);
++ m_totalBytes = static_cast<unsigned long long>(length);
+ m_isStreaming = !length;
+ return m_totalBytes;
+ }
+@@ -1278,7 +1278,7 @@ unsigned MediaPlayerPrivateGStreamer::to
+ gst_iterator_free(iter);
+
+ INFO_MEDIA_MESSAGE("totalBytes %" G_GINT64_FORMAT, length);
+- m_totalBytes = static_cast<unsigned>(length);
++ m_totalBytes = static_cast<unsigned long long>(length);
+ m_isStreaming = !length;
+ return m_totalBytes;
+ }
+Index: webkitgtk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h
+===================================================================
+--- webkitgtk.orig/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h
++++ webkitgtk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h
+@@ -92,7 +92,7 @@ public:
+ std::unique_ptr<PlatformTimeRanges> buffered() const;
+ float maxTimeSeekable() const;
+ bool didLoadingProgress() const;
+- unsigned totalBytes() const;
++ unsigned long long totalBytes() const;
+ float maxTimeLoaded() const;
+
+ void loadStateChanged();
+@@ -207,7 +207,7 @@ private:
+ GThreadSafeMainLoopSource m_videoTimerHandler;
+ GThreadSafeMainLoopSource m_videoCapsTimerHandler;
+ GThreadSafeMainLoopSource m_readyTimerHandler;
+- mutable long m_totalBytes;
++ mutable unsigned long long m_totalBytes;
+ URL m_url;
+ bool m_preservesPitch;
+ GstState m_requestedState;
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/fix-integer-overflow.patch webkit2gtk-2.6.2+dfsg1/debian/patches/fix-integer-overflow.patch
--- webkit2gtk-2.6.2+dfsg1/debian/patches/fix-integer-overflow.patch 1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/fix-integer-overflow.patch 2015-03-06 09:33:28.000000000 +0200
@@ -0,0 +1,26 @@
+From: Carlos Garcia Campos <carlosgc@webkit.org>
+Subject: Fix crash due to integer overflow
+Bug: https://bugs.webkit.org/show_bug.cgi?id=139165
+Origin: http://trac.webkit.org/changeset/178283
+Index: webkitgtk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
+===================================================================
+--- webkitgtk.orig/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
++++ webkitgtk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
+@@ -2023,7 +2023,7 @@ void ByteCodeParser::handleGetById(
+ {
+ NodeType getById = getByIdStatus.makesCalls() ? GetByIdFlush : GetById;
+
+- if (!getByIdStatus.isSimple() || !Options::enableAccessInlining()) {
++ if (!getByIdStatus.isSimple() || !getByIdStatus.numVariants() || !Options::enableAccessInlining()) {
+ set(VirtualRegister(destinationOperand),
+ addToGraph(getById, OpInfo(identifierNumber), OpInfo(prediction), base));
+ return;
+@@ -2138,7 +2138,7 @@ void ByteCodeParser::handlePutById(
+ Node* base, unsigned identifierNumber, Node* value,
+ const PutByIdStatus& putByIdStatus, bool isDirect)
+ {
+- if (!putByIdStatus.isSimple() || !Options::enableAccessInlining()) {
++ if (!putByIdStatus.isSimple() || !putByIdStatus.numVariants() || !Options::enableAccessInlining()) {
+ if (!putByIdStatus.isSet())
+ addToGraph(ForceOSRExit);
+ emitPutById(base, identifierNumber, value, putByIdStatus, isDirect);
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/fix-jit-crash.patch webkit2gtk-2.6.2+dfsg1/debian/patches/fix-jit-crash.patch
--- webkit2gtk-2.6.2+dfsg1/debian/patches/fix-jit-crash.patch 1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/fix-jit-crash.patch 2015-03-06 09:33:28.000000000 +0200
@@ -0,0 +1,69 @@
+From: Carlos Garcia Campos <carlosgc@webkit.org>
+Subject: Fix crash in SpeculativeJIT::compile() when loading theblaze.com
+Bug: https://bugs.webkit.org/show_bug.cgi?id=137642
+Origin: http://trac.webkit.org/changeset/178264
+Index: webkitgtk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
+===================================================================
+--- webkitgtk.orig/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
++++ webkitgtk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
+@@ -1692,7 +1692,26 @@ void SpeculativeJIT::compile(Node* node)
+ break;
+
+ case Identity: {
+- RELEASE_ASSERT_NOT_REACHED();
++ speculate(node, node->child1());
++ switch (node->child1().useKind()) {
++ case DoubleRepUse:
++ case DoubleRepRealUse: {
++ SpeculateDoubleOperand op(this, node->child1());
++ doubleResult(op.fpr(), node);
++ break;
++ }
++ case Int52RepUse:
++ case MachineIntUse:
++ case DoubleRepMachineIntUse: {
++ RELEASE_ASSERT_NOT_REACHED();
++ break;
++ }
++ default: {
++ JSValueOperand op(this, node->child1());
++ jsValueResult(op.tagGPR(), op.payloadGPR(), node);
++ break;
++ }
++ } // switch
+ break;
+ }
+
+Index: webkitgtk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
+===================================================================
+--- webkitgtk.orig/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
++++ webkitgtk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
+@@ -1795,8 +1795,26 @@ void SpeculativeJIT::compile(Node* node)
+ break;
+
+ case Identity: {
+- // CSE should always eliminate this.
+- DFG_CRASH(m_jit.graph(), node, "Unexpected Identity node");
++ speculate(node, node->child1());
++ switch (node->child1().useKind()) {
++ case DoubleRepUse:
++ case DoubleRepRealUse:
++ case DoubleRepMachineIntUse: {
++ SpeculateDoubleOperand op(this, node->child1());
++ doubleResult(op.fpr(), node);
++ break;
++ }
++ case Int52RepUse: {
++ SpeculateInt52Operand op(this, node->child1());
++ int52Result(op.gpr(), node);
++ break;
++ }
++ default: {
++ JSValueOperand op(this, node->child1());
++ jsValueResult(op.gpr(), node);
++ break;
++ }
++ } // switch
+ break;
+ }
+
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/fix-null-renderer.patch webkit2gtk-2.6.2+dfsg1/debian/patches/fix-null-renderer.patch
--- webkit2gtk-2.6.2+dfsg1/debian/patches/fix-null-renderer.patch 1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/fix-null-renderer.patch 2015-03-06 09:33:28.000000000 +0200
@@ -0,0 +1,18 @@
+From: Carlos Garcia Campos <carlosgc@webkit.org>
+Subject: NULL pointer check in HTMLPlugInImageElement
+Bug: https://bugs.webkit.org/show_bug.cgi?id=139057
+Origin: http://trac.webkit.org/changeset/178276
+Index: webkitgtk/Source/WebCore/html/HTMLPlugInImageElement.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/html/HTMLPlugInImageElement.cpp
++++ webkitgtk/Source/WebCore/html/HTMLPlugInImageElement.cpp
+@@ -334,6 +334,9 @@ void HTMLPlugInImageElement::updateSnaps
+
+ m_snapshotImage = image;
+
++ if (!renderer())
++ return;
++
+ if (renderer()->isSnapshottedPlugIn()) {
+ toRenderSnapshottedPlugIn(renderer())->updateSnapshot(image);
+ return;
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/fix-null-string-conversion.patch webkit2gtk-2.6.2+dfsg1/debian/patches/fix-null-string-conversion.patch
--- webkit2gtk-2.6.2+dfsg1/debian/patches/fix-null-string-conversion.patch 1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/fix-null-string-conversion.patch 2015-03-06 09:33:28.000000000 +0200
@@ -0,0 +1,38 @@
+From: Carlos Garcia Campos <carlosgc@webkit.org>
+Subject: Add NULL check to convertToUTF8String()
+Bug: https://bugs.webkit.org/show_bug.cgi?id=133904
+Origin: http://trac.webkit.org/changeset/178339
+Index: webkitgtk/Source/WebCore/bindings/gobject/ConvertToUTF8String.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/bindings/gobject/ConvertToUTF8String.cpp
++++ webkitgtk/Source/WebCore/bindings/gobject/ConvertToUTF8String.cpp
+@@ -29,11 +29,14 @@
+
+ gchar* convertToUTF8String(WTF::String const& s)
+ {
++ if (s.isNull())
++ return 0;
++
+ return g_strdup(s.utf8().data());
+ }
+
+ gchar* convertToUTF8String(WebCore::URL const& s)
+ {
+- return g_strdup(s.string().utf8().data());
++ return convertToUTF8String(s.string());
+ }
+
+Index: webkitgtk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/DOMNodeTest.cpp
+===================================================================
+--- webkitgtk.orig/Tools/TestWebKitAPI/Tests/WebKit2Gtk/DOMNodeTest.cpp
++++ webkitgtk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/DOMNodeTest.cpp
+@@ -108,6 +108,9 @@ private:
+ // Body shouldn't have any children at this point.
+ g_assert(!webkit_dom_node_has_child_nodes(WEBKIT_DOM_NODE(body)));
+
++ // The value of a non-existent attribute should be null, not an empty string
++ g_assert(!webkit_dom_html_body_element_get_background(WEBKIT_DOM_HTML_BODY_ELEMENT(body)));
++
+ // Insert one P element.
+ WebKitDOMElement* p = webkit_dom_document_create_element(document, "P", 0);
+ g_assert(WEBKIT_DOM_IS_HTML_ELEMENT(p));
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/fix-timers-animations.patch webkit2gtk-2.6.2+dfsg1/debian/patches/fix-timers-animations.patch
--- webkit2gtk-2.6.2+dfsg1/debian/patches/fix-timers-animations.patch 1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/fix-timers-animations.patch 2015-03-06 09:33:28.000000000 +0200
@@ -0,0 +1,97 @@
+From: Carlos Garcia Campos <carlosgc@webkit.org>
+Subject: Timers might never be fired during animations
+Bug: https://bugs.webkit.org/show_bug.cgi?id=139062
+Origin: http://trac.webkit.org/changeset/178348
+Index: webkitgtk/Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp
++++ webkitgtk/Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp
+@@ -72,7 +72,7 @@ LayerTreeHostGtk::LayerTreeHostGtk(WebPa
+ : LayerTreeHost(webPage)
+ , m_isValid(true)
+ , m_notifyAfterScheduledLayerFlush(false)
+- , m_lastFlushTime(0)
++ , m_lastImmediateFlushTime(0)
+ , m_layerFlushSchedulingEnabled(true)
+ {
+ }
+@@ -273,16 +273,44 @@ void LayerTreeHostGtk::paintContents(con
+ // FIXME: Draw page overlays. https://bugs.webkit.org/show_bug.cgi?id=131433.
+ }
+
++static inline bool shouldSkipNextFrameBecauseOfContinousImmediateFlushes(double current, double lastImmediateFlushTime)
++{
++ // 100ms is about a perceptable delay in UI, so when scheduling layer flushes immediately for more than 100ms,
++ // we skip the next frame to ensure pending timers have a change to be fired.
++ static const double maxDurationOfImmediateFlushes = 0.100;
++ if (!lastImmediateFlushTime)
++ return false;
++ return lastImmediateFlushTime + maxDurationOfImmediateFlushes < current;
++}
++
++// Use a higher priority than WebCore timers.
++static const int layerFlushTimerPriority = GDK_PRIORITY_REDRAW - 1;
++
+ void LayerTreeHostGtk::layerFlushTimerFired()
+ {
++ double fireTime = monotonicallyIncreasingTime();
+ flushAndRenderLayers();
++ if (m_layerFlushTimerCallback.isScheduled() || !toTextureMapperLayer(m_rootLayer.get())->descendantsOrSelfHaveRunningAnimations())
++ return;
+
+- if (!m_layerFlushTimerCallback.isScheduled() && toTextureMapperLayer(m_rootLayer.get())->descendantsOrSelfHaveRunningAnimations()) {
+- const double targetFPS = 60;
+- double nextFlush = std::max((1 / targetFPS) - (currentTime() - m_lastFlushTime), 0.0);
+- m_layerFlushTimerCallback.scheduleAfterDelay("[WebKit] layerFlushTimer", std::bind(&LayerTreeHostGtk::layerFlushTimerFired, this),
+- std::chrono::duration_cast<std::chrono::microseconds>(std::chrono::duration<double>(nextFlush)), GDK_PRIORITY_EVENTS);
++ static const double targetFramerate = 1 / 60.0;
++ // When rendering layers takes more time than the target delay (0.016), we end up scheduling layer flushes
++ // immediately. Since the layer flush timer has a higher priority than WebCore timers, these are never
++ // fired while we keep scheduling layer flushes immediately.
++ double current = monotonicallyIncreasingTime();
++ double timeToNextFlush = std::max(targetFramerate - (current - fireTime), 0.0);
++ if (timeToNextFlush)
++ m_lastImmediateFlushTime = 0;
++ else if (!m_lastImmediateFlushTime)
++ m_lastImmediateFlushTime = current;
++
++ if (shouldSkipNextFrameBecauseOfContinousImmediateFlushes(current, m_lastImmediateFlushTime)) {
++ timeToNextFlush = targetFramerate;
++ m_lastImmediateFlushTime = 0;
+ }
++
++ m_layerFlushTimerCallback.scheduleAfterDelay("[WebKit] layerFlushTimer", std::bind(&LayerTreeHostGtk::layerFlushTimerFired, this),
++ std::chrono::duration_cast<std::chrono::microseconds>(std::chrono::duration<double>(timeToNextFlush)), layerFlushTimerPriority);
+ }
+
+ bool LayerTreeHostGtk::flushPendingLayerChanges()
+@@ -335,7 +363,6 @@ void LayerTreeHostGtk::flushAndRenderLay
+ if (!context || !context->makeContextCurrent())
+ return;
+
+- m_lastFlushTime = currentTime();
+ if (!flushPendingLayerChanges())
+ return;
+
+@@ -381,7 +408,7 @@ void LayerTreeHostGtk::scheduleLayerFlus
+
+ // We use a GLib timer because otherwise GTK+ event handling during dragging can starve WebCore timers, which have a lower priority.
+ if (!m_layerFlushTimerCallback.isScheduled())
+- m_layerFlushTimerCallback.schedule("[WebKit] layerFlushTimer", std::bind(&LayerTreeHostGtk::layerFlushTimerFired, this), GDK_PRIORITY_EVENTS);
++ m_layerFlushTimerCallback.schedule("[WebKit] layerFlushTimer", std::bind(&LayerTreeHostGtk::layerFlushTimerFired, this), layerFlushTimerPriority);
+ }
+
+ void LayerTreeHostGtk::setLayerFlushSchedulingEnabled(bool layerFlushingEnabled)
+Index: webkitgtk/Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.h
+===================================================================
+--- webkitgtk.orig/Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.h
++++ webkitgtk/Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.h
+@@ -103,7 +103,7 @@ private:
+ PageOverlayLayerMap m_pageOverlayLayers;
+ std::unique_ptr<WebCore::TextureMapper> m_textureMapper;
+ OwnPtr<WebCore::GLContext> m_context;
+- double m_lastFlushTime;
++ double m_lastImmediateFlushTime;
+ bool m_layerFlushSchedulingEnabled;
+ GMainLoopSource m_layerFlushTimerCallback;
+ };
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/http-latin1.patch webkit2gtk-2.6.2+dfsg1/debian/patches/http-latin1.patch
--- webkit2gtk-2.6.2+dfsg1/debian/patches/http-latin1.patch 1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/http-latin1.patch 2015-03-06 09:33:28.000000000 +0200
@@ -0,0 +1,64 @@
+From: Carlos Garcia Campos <carlosgc@webkit.org>
+Subject: HTTP header values should be treated as latin1, not UTF-8
+Bug: https://bugs.webkit.org/show_bug.cgi?id=128739
+Origin: http://trac.webkit.org/changeset/178328
+Index: webkitgtk/Source/WebCore/platform/network/soup/ResourceRequestSoup.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/platform/network/soup/ResourceRequestSoup.cpp
++++ webkitgtk/Source/WebCore/platform/network/soup/ResourceRequestSoup.cpp
+@@ -65,12 +65,12 @@ void ResourceRequest::updateFromSoupMess
+ const char* headerName;
+ const char* headerValue;
+ while (soup_message_headers_iter_next(&headersIter, &headerName, &headerValue))
+- m_httpHeaderFields.set(String::fromUTF8(headerName), String::fromUTF8(headerValue));
++ m_httpHeaderFields.set(String(headerName), String(headerValue));
+ }
+
+ void ResourceRequest::updateSoupMessage(SoupMessage* soupMessage) const
+ {
+- g_object_set(soupMessage, SOUP_MESSAGE_METHOD, httpMethod().utf8().data(), NULL);
++ g_object_set(soupMessage, SOUP_MESSAGE_METHOD, httpMethod().ascii().data(), NULL);
+
+ GUniquePtr<SoupURI> uri = createSoupURI();
+ soup_message_set_uri(soupMessage, uri.get());
+@@ -80,7 +80,7 @@ void ResourceRequest::updateSoupMessage(
+
+ SoupMessage* ResourceRequest::toSoupMessage() const
+ {
+- SoupMessage* soupMessage = soup_message_new(httpMethod().utf8().data(), url().string().utf8().data());
++ SoupMessage* soupMessage = soup_message_new(httpMethod().ascii().data(), url().string().utf8().data());
+ if (!soupMessage)
+ return 0;
+
+@@ -102,7 +102,7 @@ void ResourceRequest::updateFromSoupMess
+ if (shouldPortBeResetToZero)
+ m_url.setPort(0);
+
+- m_httpMethod = String::fromUTF8(soupMessage->method);
++ m_httpMethod = String(soupMessage->method);
+
+ updateFromSoupMessageHeaders(soupMessage->request_headers);
+
+Index: webkitgtk/Source/WebCore/platform/network/soup/ResourceResponseSoup.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/platform/network/soup/ResourceResponseSoup.cpp
++++ webkitgtk/Source/WebCore/platform/network/soup/ResourceResponseSoup.cpp
+@@ -87,7 +87,7 @@ void ResourceResponse::updateFromSoupMes
+
+ soup_message_headers_iter_init(&headersIter, headers);
+ while (soup_message_headers_iter_next(&headersIter, &headerName, &headerValue))
+- addHTTPHeaderField(String::fromUTF8WithLatin1Fallback(headerName, strlen(headerName)), String::fromUTF8WithLatin1Fallback(headerValue, strlen(headerValue)));
++ addHTTPHeaderField(String(headerName), String(headerValue));
+
+ String contentType;
+ const char* officialType = soup_message_headers_get_one(headers, "Content-Type");
+@@ -108,7 +108,8 @@ CertificateInfo ResourceResponse::platfo
+
+ String ResourceResponse::platformSuggestedFilename() const
+ {
+- return filenameFromHTTPContentDisposition(httpHeaderField(HTTPHeaderName::ContentDisposition));
++ String contentDisposition(httpHeaderField(HTTPHeaderName::ContentDisposition));
++ return filenameFromHTTPContentDisposition(String::fromUTF8WithLatin1Fallback(contentDisposition.characters8(), contentDisposition.length()));
+ }
+
+ }
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/remote-inspector.patch webkit2gtk-2.6.2+dfsg1/debian/patches/remote-inspector.patch
--- webkit2gtk-2.6.2+dfsg1/debian/patches/remote-inspector.patch 1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/remote-inspector.patch 2015-03-06 09:33:28.000000000 +0200
@@ -0,0 +1,17 @@
+From: Carlos Garcia Campos <carlosgc@webkit.org>
+Subject: Make the remote inspector work again
+Bug: https://bugs.webkit.org/show_bug.cgi?id=138246
+Origin: http://trac.webkit.org/changeset/176392
+Index: webkitgtk/Source/WebKit2/UIProcess/WebPageProxy.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebKit2/UIProcess/WebPageProxy.cpp
++++ webkitgtk/Source/WebKit2/UIProcess/WebPageProxy.cpp
+@@ -639,7 +639,7 @@ void WebPageProxy::initializeWebPage()
+ #endif
+
+ #if ENABLE(INSPECTOR_SERVER)
+- if (pageGroup().preferences().developerExtrasEnabled())
++ if (m_preferences->developerExtrasEnabled())
+ inspector()->enableRemoteInspection();
+ #endif
+
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/render-block-cast.patch webkit2gtk-2.6.2+dfsg1/debian/patches/render-block-cast.patch
--- webkit2gtk-2.6.2+dfsg1/debian/patches/render-block-cast.patch 1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/render-block-cast.patch 2015-03-06 09:33:28.000000000 +0200
@@ -0,0 +1,17 @@
+From: Carlos Garcia Campos <carlosgc@webkit.org>
+Subject: Fix invalid cast in WebCore::RenderBlock::blockSelectionGaps
+Bug: https://bugs.webkit.org/show_bug.cgi?id=137590
+Origin: http://trac.webkit.org/changeset/178261
+Index: webkitgtk/Source/WebCore/rendering/RenderBlock.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/rendering/RenderBlock.cpp
++++ webkitgtk/Source/WebCore/rendering/RenderBlock.cpp
+@@ -2040,7 +2040,7 @@ GapRects RenderBlock::blockSelectionGaps
+ lastLogicalTop = blockDirectionOffset(rootBlock, offsetFromRootBlock) + curr->logicalBottom();
+ lastLogicalLeft = logicalLeftSelectionOffset(rootBlock, curr->logicalBottom(), cache);
+ lastLogicalRight = logicalRightSelectionOffset(rootBlock, curr->logicalBottom(), cache);
+- } else if (childState != SelectionNone) {
++ } else if (childState != SelectionNone && curr->isRenderBlock()) {
+ // We must be a block that has some selected object inside it. Go ahead and recur.
+ result.unite(toRenderBlock(curr)->selectionGaps(rootBlock, rootBlockPhysicalPosition, LayoutSize(offsetFromRootBlock.width() + curr->x(), offsetFromRootBlock.height() + curr->y()),
+ lastLogicalTop, lastLogicalLeft, lastLogicalRight, childCache, paintInfo));
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/serialized-script-value.patch webkit2gtk-2.6.2+dfsg1/debian/patches/serialized-script-value.patch
--- webkit2gtk-2.6.2+dfsg1/debian/patches/serialized-script-value.patch 1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/serialized-script-value.patch 2015-03-06 09:33:28.000000000 +0200
@@ -0,0 +1,54 @@
+From: Carlos Garcia Campos carlosgc@webkit.org>
+Subject: Prevent unsafe access to internal types
+Bug: https://bugs.webkit.org/show_bug.cgi?id=138653
+Origin: http://trac.webkit.org/changeset/178320
+Index: webkitgtk/Source/JavaScriptCore/runtime/MapData.h
+===================================================================
+--- webkitgtk.orig/Source/JavaScriptCore/runtime/MapData.h
++++ webkitgtk/Source/JavaScriptCore/runtime/MapData.h
+@@ -42,8 +42,8 @@ public:
+ const_iterator(const MapData*);
+ ~const_iterator();
+ const WTF::KeyValuePair<JSValue, JSValue> operator*() const;
+- JSValue key() const { ASSERT(!atEnd()); return m_mapData->m_entries[m_index].key.get(); }
+- JSValue value() const { ASSERT(!atEnd()); return m_mapData->m_entries[m_index].value.get(); }
++ JSValue key() const { RELEASE_ASSERT(!atEnd()); return m_mapData->m_entries[m_index].key.get(); }
++ JSValue value() const { RELEASE_ASSERT(!atEnd()); return m_mapData->m_entries[m_index].value.get(); }
+ void operator++() { ASSERT(!atEnd()); internalIncrement(); }
+ static const_iterator end(const MapData*);
+ bool operator!=(const const_iterator& other);
+Index: webkitgtk/Source/WebCore/bindings/js/SerializedScriptValue.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/bindings/js/SerializedScriptValue.cpp
++++ webkitgtk/Source/WebCore/bindings/js/SerializedScriptValue.cpp
+@@ -1218,6 +1218,7 @@ SerializationReturnCode CloneSerializer:
+ Vector<JSObject*, 32> inputObjectStack;
+ Vector<MapData*, 4> mapDataStack;
+ Vector<MapData::const_iterator, 4> iteratorStack;
++ Vector<JSValue, 4> iteratorValueStack;
+ Vector<WalkerState, 16> stateStack;
+ WalkerState state = StateUnknown;
+ JSValue inValue = in;
+@@ -1386,16 +1387,20 @@ SerializationReturnCode CloneSerializer:
+ goto objectStartVisitMember;
+ }
+ inValue = ptr.key();
++ m_gcBuffer.append(ptr.value());
++ iteratorValueStack.append(ptr.value());
+ stateStack.append(MapDataEndVisitKey);
+ goto stateUnknown;
+ }
+ case MapDataEndVisitKey: {
+- inValue = iteratorStack.last().value();
++ inValue = iteratorValueStack.last();
++ iteratorValueStack.removeLast();
+ stateStack.append(MapDataEndVisitValue);
+ goto stateUnknown;
+ }
+ case MapDataEndVisitValue: {
+- ++iteratorStack.last();
++ if (iteratorStack.last() != mapDataStack.last()->end())
++ ++iteratorStack.last();
+ goto mapDataStartVisitEntry;
+ }
+
diff -Nru webkit2gtk-2.6.2+dfsg1/debian/patches/series webkit2gtk-2.6.2+dfsg1/debian/patches/series
--- webkit2gtk-2.6.2+dfsg1/debian/patches/series 2014-12-07 18:53:35.000000000 +0200
+++ webkit2gtk-2.6.2+dfsg1/debian/patches/series 2015-03-06 09:33:28.000000000 +0200
@@ -15,3 +15,18 @@
protect-document.patch
at-spi2.patch
ax-focus-events.patch
+fix-ftbfs-hppa.patch
+fix-gstreamer-leak.patch
+remote-inspector.patch
+render-block-cast.patch
+fix-jit-crash.patch
+fix-null-renderer.patch
+fix-integer-overflow.patch
+serialized-script-value.patch
+http-latin1.patch
+fix-null-string-conversion.patch
+fix-timers-animations.patch
+fix-ax-crash.patch
+fix-clearselection-segfault.patch
+fix-date.patch
+check-tls-errors.patch
--- End Message ---